Uploaded image for project: 'OpenEJB'
  1. OpenEJB
  2. OPENEJB-2046

@Asynchronous calls on void methods mask failing authentication

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.6.0
    • Fix Version/s: 4.6.0
    • Component/s: container system
    • Labels:
      None
    • Environment:
      NA

      Description

      Beans that are annotated with:

      @DeclareRoles(

      {"role"})
      @RolesAllowed({"role"}

      )

      That are called on a method annotated with:

      @Asynchronous

      ...fail silently as the EJBAccessException that is thrown is never logged, and (due to the nature of asynchronous) is never propagated.

      The EJBAccessException occurs because the role is not propagated correctly into ThreadContext where containers that call getSecurityService().isCallerAuthorized

        Attachments

          Activity

            People

            • Assignee:
              andyg Andy Gumbrecht
              Reporter:
              andyg Andy Gumbrecht
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: